BLOG CERT SOGETI ESEC

Briefing Malware - 15/03/2022

15th of March 2022 - Winners of the 11th week: Redline, Emotet and NjRAT.

Some links point to extended actionable intelligence (Threat Bulletins, TTPs, signatures, etc.) on our Threat Intelligence Platform, Anomali. This access is limited to our clients.


Threat statistics report

Publication date: 15/03/2022

Distribution: TLP:WHITE

What's new?

Redline (NC)

Fake Valorant cheats on YouTube infect you with RedLine stealer

#ASEC security analysts from #South Korea discovered a malware campaign that exploits the fame of the #Valorant game to lure victims.

The threat actor creates #Youtube content promoting a new auto-aiming cheat for this first-person shooter (#FPS) and, in the video description, gives the future victim a link to the package hosted on #Anonfile.com, a file-sharing platform. The #RAR file contains an executable named “Cheat installer.exe”.

A similar campaign spotted in October 2021 delivered either #Raccoon or #Redline Stealer; this one “only” delivers #Redline.

#Redline is an information stealer sold under a Malware-as-a-Service model (#MaaS) and active since at least 2020. It steals #credentials, #browser history, #credit card information and #vpn client configurations, and can also take desktop #screenshots or record #keystrokes. The stolen information is packed and delivered to the threat actor through a #Webhook API POST request to a #Discord channel. Redline also lets the operator execute commands on the victim’s machine and upload or download files.

https://www.bleepingcomputer.com/news/security/fake-valorant-cheats-on-youtube-infect-you-with-redline-stealer/
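The two observable stages described above (an archive fetched from a file-sharing platform, then a POST to a Discord webhook carrying the stolen data) can be correlated in proxy logs. The following detector is an added example written for this briefing, not code from CERT Sogeti ESEC or from the BleepingComputer article: the log format, the hostnames in `FILE_SHARING_HOSTS`, the 30-minute correlation window and the sample log lines are all constructed assumptions. The `/api/webhooks/` path is Discord's public webhook endpoint; any POST to it by a non-browser process deserves a look, and one preceded by an archive download from a file-sharing site on the same host is escalated.

```python
import re
from dataclasses import dataclass
from datetime import datetime, timedelta
from urllib.parse import urlparse

# Assumption: file-sharing hosts used as lure distribution points in this campaign.
FILE_SHARING_HOSTS = {"anonfiles.com"}
# Discord webhook endpoint: a POST here delivers a message to a channel.
DISCORD_HOSTS = {"discord.com", "discordapp.com"}
DISCORD_WEBHOOK_PREFIX = "/api/webhooks/"
ARCHIVE_EXT = (".rar", ".zip", ".7z")
CORRELATION_WINDOW = timedelta(minutes=30)  # assumed window between download and exfil

# Constructed proxy log format (assumption): <ts> <client> <method> <url> "<user-agent>"
LOG_RE = re.compile(r'^(\S+) (\S+) (\S+) (\S+) "([^"]*)"$')

# Constructed sample lines; none of these come from a real incident.
SAMPLE_PROXY_LOG = """\
2022-03-15T10:01:12Z ws-042 GET https://www.youtube.com/watch?v=EXAMPLE "Mozilla/5.0 (Windows NT 10.0) Firefox/98.0"
2022-03-15T10:02:40Z ws-042 GET https://anonfiles.com/abc123/Valorant_cheat.rar "Mozilla/5.0 (Windows NT 10.0) Firefox/98.0"
2022-03-15T10:05:03Z ws-042 POST https://discord.com/api/webhooks/1234567890/AbCdEf "-"
2022-03-15T10:06:00Z ws-017 POST https://discord.com/api/webhooks/555/xyz "Mozilla/5.0 (Windows NT 10.0) Chrome/99.0"
2022-03-15T10:07:11Z ws-099 GET https://example.org/index.html "Mozilla/5.0"
"""


@dataclass
class Event:
    ts: datetime
    host: str
    method: str
    url: str
    ua: str


def parse_log(text):
    """Parse proxy log lines into Events, skipping malformed lines."""
    events = []
    for line in text.splitlines():
        m = LOG_RE.match(line.strip())
        if not m:
            continue
        ts, host, method, url, ua = m.groups()
        events.append(Event(datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"),
                            host, method.upper(), url, ua))
    return events


def is_lure_download(ev):
    """Stage 1: archive fetched from a known file-sharing platform."""
    u = urlparse(ev.url)
    return (ev.method == "GET" and u.hostname in FILE_SHARING_HOSTS
            and u.path.lower().endswith(ARCHIVE_EXT))


def is_webhook_post(ev):
    """Stage 2: POST to the Discord webhook API (the exfiltration channel)."""
    u = urlparse(ev.url)
    return (ev.method == "POST" and u.hostname in DISCORD_HOSTS
            and u.path.startswith(DISCORD_WEBHOOK_PREFIX))


def looks_like_browser(ua):
    """Crude heuristic: browsers send a Mozilla/ prefixed user agent; empty or '-' does not."""
    return ua.startswith("Mozilla/")


def analyze(text):
    """Return (host, severity, reason) alerts, one per webhook POST, escalated by context."""
    by_host = {}
    for ev in parse_log(text):
        by_host.setdefault(ev.host, []).append(ev)
    alerts = []
    for host, evs in by_host.items():
        evs.sort(key=lambda e: e.ts)
        lures = [e for e in evs if is_lure_download(e)]
        for post in (e for e in evs if is_webhook_post(e)):
            severity, reason = "medium", "POST to Discord webhook endpoint"
            if not looks_like_browser(post.ua):
                severity, reason = "high", reason + " with non-browser user agent"
            # Escalate when an archive download from a file-sharing site precedes the POST.
            if any(timedelta(0) <= post.ts - l.ts <= CORRELATION_WINDOW for l in lures):
                severity = "critical"
                reason += ", preceded by archive download from file-sharing site"
            alerts.append((host, severity, reason))
    return alerts


if __name__ == "__main__":
    for host, severity, reason in analyze(SAMPLE_PROXY_LOG):
        print(f"[{severity.upper():8}] {host}: {reason}")
```

Legitimate Discord webhook traffic from chat clients or build tooling exists, which is why a bare webhook POST only scores medium; the escalation comes from the combination of a non-browser user agent and the preceding lure download, which is the sequence the campaign above produces.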
